Stiofang, posted March 10, 2010:
I've tried RC5 of IM Sniffer (http://imsniffer.sourceforge.net/) but it seems to lock up under Windows 7. Anyone know of any other good freeware IM sniffers that work under Windows 7?

Sparda, posted March 10, 2010:
Did you install the correct version of winpcap?

h3%5kr3w, posted March 10, 2010:
why don't you just use wireshark with a filter?

bobdole369, posted March 10, 2010:
> why don't you just use wireshark with a filter?
ROFL this. I can't tell you how much ammo I found when I was in control of the "router" machine that came across port 5190. Trouble is you need that machine that's in the path, OR you need to be on the same HUB (not a switch) as the target machine. Unlikely these days.

digip, posted March 11, 2010:
> ROFL this. I can't tell you how much ammo I found when I was in control of the "router" machine that came across port 5190. Trouble is you need that machine that's in the path, OR you need to be on the same HUB (not a switch) as the target machine. Unlikely these days.
A simple MITM via cain or ettercap with Wireshark running would show you all the (unencrypted) traffic, not just IM traffic. Add ssl strip to the mix, and you then see all the SSL encrypted traffic as well in plain text since you are essentially removing SSL encryption. Not sure what you mean by "machine that's in the path" but you can sniff traffic on a switch so long as it is capable of port mirroring. Most consumer routers are router/switch combos and while MITM works very well for wireless networks, a wired router/switch combo will at some point start to bork after a while when the device refreshes its table from an arp refresh. This ends up causing everyone in the arp poison loop to lose connectivity to each other and the router kind of stalls for a bit. Sometimes it recovers, and other times it requires either an arp and dns flush or simple reboot of the devices.

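
The ARP poisoning described in the post above leaves traces in every affected host's ARP cache, which is where a defender can spot it. The following Python check is an added example, not part of the thread: it compares two ARP cache snapshots and flags a changed gateway MAC and one MAC answering for several IPs. It assumes Linux `arp -an` output; the addresses, snapshots and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample snapshots in `arp -an` format (not data from the thread).
BASELINE = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at 00:aa:bb:cc:dd:01 [ether] on eth0
? (192.168.1.30) at 00:aa:bb:cc:dd:02 [ether] on eth0
"""
CURRENT = """\
? (192.168.1.1) at 00:aa:bb:cc:dd:02 [ether] on eth0
? (192.168.1.20) at 00:aa:bb:cc:dd:01 [ether] on eth0
? (192.168.1.30) at 00:aa:bb:cc:dd:02 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
"""

ENTRY = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9A-Fa-f:]{17})\b")

def parse_arp(text):
    """Return {ip: mac} for resolved entries; <incomplete> entries are skipped."""
    return {ip: mac.lower() for ip, mac in ENTRY.findall(text)}

def find_anomalies(baseline, current, gateway_ip):
    """Compare two ARP snapshots and return a list of (kind, detail) findings."""
    findings = []
    # 1. A known IP whose MAC differs from the trusted baseline.
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old and old != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            findings.append((kind, f"{ip}: {old} -> {mac}"))
    # 2. One MAC answering for several IPs. Proxy ARP and multi-homed hosts
    #    also cause this, so treat it as a lead to verify, not as proof.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", f"{mac}: {', '.join(sorted(ips))}"))
    return findings

if __name__ == "__main__":
    snapshots = parse_arp(BASELINE), parse_arp(CURRENT)
    for kind, detail in find_anomalies(*snapshots, "192.168.1.1"):
        print(f"{kind:22} {detail}")
```

The baseline has to be taken while the network is known to be clean, for example right after the gateway is installed.
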
h3%5kr3w, posted March 11, 2010:
> ROFL this. I can't tell you how much ammo I found when I was in control of the "router" machine that came across port 5190. Trouble is you need that machine that's in the path, OR you need to be on the same HUB (not a switch) as the target machine. Unlikely these days.
OIC! I thought the op was talking about sniffing on the same network on ipv4 on the switch side :P Here's a question I have been thinking about.. is it possible to sniff @ all on ipv6, since it doesn't support broadcast? *I mean without taking over the switch or router? Also, are there switches that support ipv6 routing?*
Edited March 11, 2010 by h3%5kr3w